mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-24 21:51:03 +01:00
Compare commits
No commits in common. "49def04f67fd50e1a33cca781a8b078b62c9c1d3" and "18437bc2ecbffde88b9b5097ece38713b1bfadf0" have entirely different histories.
49def04f67
...
18437bc2ec
27
README.md
27
README.md
@ -33,11 +33,29 @@ This software shipts the following tools which are natively setup on the server:
|
|||||||
- [Backups Cleanup](./roles/cleanup-backups-timer/README.md) - Cleans up old backups
|
- [Backups Cleanup](./roles/cleanup-backups-timer/README.md) - Cleans up old backups
|
||||||
- [Btrfs Health Check](./roles/health-btrfs/README.md) - Checks the health of Btrfs file systems
|
- [Btrfs Health Check](./roles/health-btrfs/README.md) - Checks the health of Btrfs file systems
|
||||||
- [Docker Health Check](./roles/health-docker-container/) - Checks the health of docker containers
|
- [Docker Health Check](./roles/health-docker-container/) - Checks the health of docker containers
|
||||||
- [Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution
|
- [Docker Reverse Proxy](./roles/docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution
|
||||||
- [Docker Volume Backup](./roles/backup-docker-to-local/) - Backup Solution for Docker Volumes
|
- [Docker Volume Backup](./roles/backup-docker-to-local/) - Backup Solution for Docker Volumes
|
||||||
- [Pull Primary Backups](./roles/backup-remote-to-local/README.md) - Pulls the backups from another server and stores them
|
- [Pull Primary Backups](./roles/backup-remote-to-local/README.md) - Pulls the backups from another server and stores them
|
||||||
- [Wireguard](./roles/wireguard/README.md) - Integrates the server in an wireguard vpn
|
- [Wireguard](./roles/wireguard/README.md) - Integrates the server in an wireguard vpn
|
||||||
|
|
||||||
|
### Server Administration
|
||||||
|
|
||||||
|
#### Cleanup docker
|
||||||
|
``bash
|
||||||
|
docker stop $(docker ps -aq); docker rm $(docker ps -aq); docker volume rm $(docker volume ls -q);
|
||||||
|
``
|
||||||
|
|
||||||
|
#### Restart
|
||||||
|
|
||||||
|
To mercifull restart the server and to prevent data lost type in:
|
||||||
|
|
||||||
|
``bash
|
||||||
|
docker stop $(docker ps -a -q) && systemctl stop docker && shutdown -r +2 "The system will shutdown in 2 minutes"
|
||||||
|
``
|
||||||
|
|
||||||
|
May it's neccessary to restart some of the the docker containers manual afterwards.
|
||||||
|
|
||||||
|
|
||||||
## Personal Computers
|
## Personal Computers
|
||||||
|
|
||||||
This playbooks offers the setup of Manjaro GNOME clients.
|
This playbooks offers the setup of Manjaro GNOME clients.
|
||||||
@ -66,13 +84,6 @@ Run:
|
|||||||
ansible-galaxy collection install -r requirements.yml
|
ansible-galaxy collection install -r requirements.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
## Addidional Parameters
|
|
||||||
|
|
||||||
- activate_all_timers (bool): Activates matomo tracking on all html pages
|
|
||||||
- nginx_matomo_tracking_active (bool): Activates matomo tracking on all html pages
|
|
||||||
|
|
||||||
The role specific parameters are descriped in the readme.md of the roles
|
|
||||||
|
|
||||||
## Author
|
## Author
|
||||||
|
|
||||||
Kevin Veen-Birkenbach
|
Kevin Veen-Birkenbach
|
||||||
|
@ -30,8 +30,3 @@ path_administrator_home: "/home/administrator/"
|
|||||||
path_administrator_scripts: "{{path_administrator_home}}scripts/"
|
path_administrator_scripts: "{{path_administrator_home}}scripts/"
|
||||||
path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
|
path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
|
||||||
path_docker_compose_files: "{{path_administrator_home}}docker-compose/"
|
path_docker_compose_files: "{{path_administrator_home}}docker-compose/"
|
||||||
|
|
||||||
# Runtime Variables
|
|
||||||
activate_all_timers (bool): false # Activates all timers, independend if the handlers had been triggered
|
|
||||||
nginx_matomo_tracking_active: false # Activates matomo tracking on all html pages
|
|
||||||
execute_updates: true # Executes updates
|
|
@ -2,10 +2,8 @@
|
|||||||
- name: general setup
|
- name: general setup
|
||||||
hosts: all
|
hosts: all
|
||||||
become: true
|
become: true
|
||||||
tasks:
|
|
||||||
roles:
|
roles:
|
||||||
- role: update
|
- update
|
||||||
when: execute_updates is true
|
|
||||||
|
|
||||||
- name: servers host setup
|
- name: servers host setup
|
||||||
hosts: servers
|
hosts: servers
|
||||||
@ -38,7 +36,7 @@
|
|||||||
|
|
||||||
# Native Webserver Roles
|
# Native Webserver Roles
|
||||||
- name: setup nginx-homepages
|
- name: setup nginx-homepages
|
||||||
hosts: homepage
|
hosts: nginx-homepage
|
||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- role: nginx-homepage
|
- role: nginx-homepage
|
||||||
|
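Review bot: The new `hosts: nginx-homepage` pattern in the second hunk contains a hyphen, and if it names an inventory group, Ansible flags hyphens in group names as invalid characters (see the `TRANSFORM_INVALID_GROUP_CHARS` setting). A name without a hyphen, such as `hosts: nginx_homepage`, with the inventory group renamed to match, avoids the warning. The inventory is not part of this compare, so whether a group with the new name exists cannot be confirmed from here.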
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: register directory
|
- name: register directory
|
||||||
|
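Review bot: The `command:` line at the top of this hunk interpolates `{{administrator_email}}` and `{{domain}}` unquoted into a free-form string, so a value containing whitespace would presumably be split into extra certbot arguments. Passing the arguments as a list through the module's `argv:` parameter keeps each variable a single argument. The task's `- name:` line lies above the hunk, so any guard it may already carry against re-running is not visible. The same command line appears unchanged in the other role task files in this compare.

```yaml
  command:
    argv:
      - certbot
      - certonly
      - --agree-tos
      - --email
      - "{{ administrator_email }}"
      - --non-interactive
      - --webroot
      - -w
      - /var/lib/letsencrypt/
      - -d
      - "{{ domain }}"
```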
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -7,13 +7,13 @@
|
|||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template:
|
template:
|
||||||
src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
|
src: roles/docker-reverse-proxy/templates/domain.conf.j2
|
||||||
dest: /etc/nginx/conf.d/{{domain}}.conf
|
dest: /etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
#- name: configure {{ mail_interface_domain }}.conf
|
#- name: configure {{ mail_interface_domain }}.conf
|
||||||
# template:
|
# template:
|
||||||
# src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
|
# src: roles/docker-reverse-proxy/templates/domain.conf.j2
|
||||||
# dest: /etc/nginx/conf.d/{{ mail_interface_domain }}.conf
|
# dest: /etc/nginx/conf.d/{{ mail_interface_domain }}.conf
|
||||||
# vars:
|
# vars:
|
||||||
# http_port: "{{ mail_interface_http_port }}"
|
# http_port: "{{ mail_interface_http_port }}"
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create {{docker_compose_path}}"
|
- name: "create {{docker_compose_path}}"
|
||||||
|
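Review bot: The changed `template:` line keeps the one-line `src=… dest=…` form with an unquoted `{{domain}}`, while other task files in this same compare already write the module arguments as a YAML mapping. Writing `src: roles/docker-reverse-proxy/templates/domain.conf.j2` and `dest: "/etc/nginx/conf.d/{{domain}}.conf"` under `template:` matches those files and is what ansible-lint's `no-free-form` rule asks for. The same one-line form is on the new side of the other role task files touched here, including the first one.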
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: create elasticsearch-sysctl.conf
|
- name: create elasticsearch-sysctl.conf
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create {{docker_compose_path}}"
|
- name: "create {{docker_compose_path}}"
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}} https
|
- name: configure {{domain}} https
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create {{path_docker_compose_folder}}"
|
- name: "create {{path_docker_compose_folder}}"
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "docker jenkins"
|
- name: "docker jenkins"
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create {{path_docker_compose_folder}}"
|
- name: "create {{path_docker_compose_folder}}"
|
||||||
|
@ -1,8 +0,0 @@
|
|||||||
---
|
|
||||||
- name: recreate listmonk
|
|
||||||
command:
|
|
||||||
cmd: docker-compose -p listmonk up -d --force-recreate
|
|
||||||
chdir: "{{path_docker_compose_files}}listmonk/"
|
|
||||||
environment:
|
|
||||||
COMPOSE_HTTP_TIMEOUT: 600
|
|
||||||
DOCKER_CLIENT_TIMEOUT: 600
|
|
@ -1,2 +0,0 @@
|
|||||||
dependencies:
|
|
||||||
- docker-reverse-proxy
|
|
@ -1,21 +0,0 @@
|
|||||||
---
|
|
||||||
- name: recieve {{domain}} certificate
|
|
||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
|
||||||
template:
|
|
||||||
src: "roles/docker-reverse-proxy/templates/domain.conf.j2"
|
|
||||||
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
|
||||||
notify: restart nginx
|
|
||||||
|
|
||||||
- name: "create {{path_docker_compose_files}}listmonk/"
|
|
||||||
file:
|
|
||||||
path: "{{path_docker_compose_files}}listmonk/"
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
|
||||||
template:
|
|
||||||
src: "docker-compose.yml.j2"
|
|
||||||
dest: "{{path_docker_compose_files}}listmonk/docker-compose.yml"
|
|
||||||
notify: recreate listmonk
|
|
@ -1,31 +0,0 @@
|
|||||||
[app]
|
|
||||||
# Interface and port where the app will run its webserver. The default value
|
|
||||||
# of localhost will only listen to connections from the current machine. To
|
|
||||||
# listen on all interfaces use '0.0.0.0'. To listen on the default web address
|
|
||||||
# port, use port 80 (this will require running with elevated permissions).
|
|
||||||
address = "localhost:9000"
|
|
||||||
|
|
||||||
# BasicAuth authentication for the admin dashboard. This will eventually
|
|
||||||
# be replaced with a better multi-user, role-based authentication system.
|
|
||||||
# IMPORTANT: Leave both values empty to disable authentication on admin
|
|
||||||
# only where an external authentication is already setup.
|
|
||||||
admin_username = "listmonk"
|
|
||||||
admin_password = "listmonk"
|
|
||||||
|
|
||||||
# Database.
|
|
||||||
[db]
|
|
||||||
host = "localhost"
|
|
||||||
port = 5432
|
|
||||||
user = "listmonk"
|
|
||||||
password = "listmonk"
|
|
||||||
|
|
||||||
# Ensure that this database has been created in Postgres.
|
|
||||||
database = "listmonk"
|
|
||||||
|
|
||||||
ssl_mode = "disable"
|
|
||||||
max_open = 25
|
|
||||||
max_idle = 25
|
|
||||||
max_lifetime = "300s"
|
|
||||||
|
|
||||||
# Optional space separated Postgres DSN params. eg: "application_name=listmonk gssencmode=disable"
|
|
||||||
params = ""
|
|
@ -1,54 +0,0 @@
|
|||||||
# NOTE: This docker-compose.yml is meant to be just an example guideline
|
|
||||||
# on how you can achieve the same. It is not intented to run out of the box
|
|
||||||
# and you must edit the below configurations to suit your needs.
|
|
||||||
|
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
x-app-defaults: &app-defaults
|
|
||||||
restart: unless-stopped
|
|
||||||
image: listmonk/listmonk:latest
|
|
||||||
ports:
|
|
||||||
- "9000:9000"
|
|
||||||
networks:
|
|
||||||
- listmonk
|
|
||||||
environment:
|
|
||||||
- TZ=Etc/UTC
|
|
||||||
|
|
||||||
x-db-defaults: &db-defaults
|
|
||||||
image: postgres:13
|
|
||||||
ports:
|
|
||||||
- "9432:5432"
|
|
||||||
networks:
|
|
||||||
- listmonk
|
|
||||||
environment:
|
|
||||||
- POSTGRES_PASSWORD=listmonk
|
|
||||||
- POSTGRES_USER=listmonk
|
|
||||||
- POSTGRES_DB=listmonk
|
|
||||||
restart: unless-stopped
|
|
||||||
healthcheck:
|
|
||||||
test: ["CMD-SHELL", "pg_isready -U listmonk"]
|
|
||||||
interval: 10s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 6
|
|
||||||
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
<<: *db-defaults
|
|
||||||
container_name: listmonk_db
|
|
||||||
volumes:
|
|
||||||
- type: volume
|
|
||||||
source: listmonk-data
|
|
||||||
target: /var/lib/postgresql/data
|
|
||||||
|
|
||||||
app:
|
|
||||||
<<: *app-defaults
|
|
||||||
container_name: listmonk_app
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
volumes:
|
|
||||||
- ./config.toml:/listmonk/config.toml
|
|
||||||
networks:
|
|
||||||
listmonk:
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
listmonk-data:
|
|
@ -1,3 +1,3 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
- systemd_notifier
|
- systemd_notifier
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
vars:
|
vars:
|
||||||
client_max_body_size: "31M"
|
client_max_body_size: "31M"
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create {{path_docker_compose_files}}mailu"
|
- name: "create {{path_docker_compose_files}}mailu"
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -8,11 +8,6 @@ server {
|
|||||||
|
|
||||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||||
|
|
||||||
{% if nginx_matomo_tracking_active | default(False) %}
|
|
||||||
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
|
|
||||||
keepalive_timeout 70;
|
keepalive_timeout 70;
|
||||||
sendfile on;
|
sendfile on;
|
||||||
client_max_body_size 80m;
|
client_max_body_size 80m;
|
||||||
@ -28,7 +23,7 @@ server {
|
|||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000";
|
add_header Strict-Transport-Security "max-age=31536000";
|
||||||
|
|
||||||
{% include 'roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
|
{% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
|
||||||
|
|
||||||
location /api/v1/streaming {
|
location /api/v1/streaming {
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
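Review bot: The `add_header Strict-Transport-Security "max-age=31536000";` line kept in the second hunk has no `always` parameter, so nginx attaches it only to a fixed set of success and redirect status codes and error responses go out without HSTS. `add_header Strict-Transport-Security "max-age=31536000" always;` covers them. nginx also drops inherited `add_header` directives in any `location` that declares its own, and the `location /api/v1/streaming` block continues past the hunk, so that is worth checking there.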
@ -18,7 +18,7 @@ This Ansible role deploys a Matomo analytics platform instance using Docker.
|
|||||||
|
|
||||||
## Dependencies
|
## Dependencies
|
||||||
|
|
||||||
- `nginx-docker-reverse-proxy`: An Ansible role for configuring the reverse proxy.
|
- `docker-reverse-proxy`: An Ansible role for configuring the reverse proxy.
|
||||||
|
|
||||||
## Example Playbook
|
## Example Playbook
|
||||||
|
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template:
|
template:
|
||||||
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
|
src: "roles/docker-reverse-proxy/templates/domain.conf.j2"
|
||||||
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "docker mediawiki"
|
- name: "docker mediawiki"
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: create data folder
|
- name: create data folder
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -4,10 +4,6 @@ server
|
|||||||
|
|
||||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||||
|
|
||||||
{% if nginx_matomo_tracking_active | default(False) %}
|
|
||||||
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# Remove X-Powered-By, which is an information leak
|
# Remove X-Powered-By, which is an information leak
|
||||||
fastcgi_hide_header X-Powered-By;
|
fastcgi_hide_header X-Powered-By;
|
||||||
|
|
||||||
@ -19,7 +15,7 @@ server
|
|||||||
client_body_buffer_size 400M;
|
client_body_buffer_size 400M;
|
||||||
fastcgi_buffers 64 4K;
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
{% include 'roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
|
{% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
|
||||||
|
|
||||||
location ^~ /.well-known {
|
location ^~ /.well-known {
|
||||||
rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last;
|
rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last;
|
||||||
|
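Review bot: `client_body_buffer_size 400M;` in the second hunk lets nginx keep request bodies of up to 400 MB in memory per request instead of spooling them to a temporary file, which looks like a memory-exhaustion risk when several large uploads arrive at once. The value reads as if it was meant to be the upload limit, which is `client_max_body_size`; a small buffer such as `client_body_buffer_size 512k;` with the limit set separately is the usual shape. The `server` block starts and ends outside the hunk, so a `client_max_body_size` already set there cannot be ruled out.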
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -8,11 +8,6 @@ server {
|
|||||||
|
|
||||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||||
|
|
||||||
{% if nginx_matomo_tracking_active | default(False) %}
|
|
||||||
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
|
|
||||||
##
|
##
|
||||||
# Application
|
# Application
|
||||||
##
|
##
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create {{docker_compose_path}}"
|
- name: "create {{docker_compose_path}}"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# role nginx-docker-reverse-proxy
|
# role docker-reverse-proxy
|
||||||
|
|
||||||
Uses nginx as an [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) for local docker applications.
|
Uses nginx as an [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) for local docker applications.
|
||||||
|
|
@ -2,11 +2,6 @@ server
|
|||||||
{
|
{
|
||||||
server_name {{domain}};
|
server_name {{domain}};
|
||||||
|
|
||||||
{% if nginx_matomo_tracking_active | default(False) %}
|
|
||||||
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
|
|
||||||
{% if client_max_body_size is defined %}
|
{% if client_max_body_size is defined %}
|
||||||
client_max_body_size {{ client_max_body_size }};
|
client_max_body_size {{ client_max_body_size }};
|
||||||
{% endif %}
|
{% endif %}
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create {{docker_compose_path}}"
|
- name: "create {{docker_compose_path}}"
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
vars:
|
vars:
|
||||||
client_max_body_size: "{{wordpress_max_upload_size}}"
|
client_max_body_size: "{{wordpress_max_upload_size}}"
|
||||||
domain: "{{item}}"
|
domain: "{{item}}"
|
||||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf
|
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf
|
||||||
loop: "{{domains}}"
|
loop: "{{domains}}"
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-docker-reverse-proxy
|
- docker-reverse-proxy
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template:
|
template:
|
||||||
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
|
src: "roles/docker-reverse-proxy/templates/domain.conf.j2"
|
||||||
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
|
@ -5,10 +5,6 @@ server
|
|||||||
|
|
||||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||||
|
|
||||||
{% if nginx_matomo_tracking_active | default(False) %}
|
|
||||||
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
|
|
||||||
location /
|
location /
|
||||||
|
@ -1,35 +0,0 @@
|
|||||||
# Nginx Matomo Tracking Role
|
|
||||||
|
|
||||||
This Ansible role automates the integration of Matomo tracking code into Nginx-served websites. It simplifies the process of adding the Matomo analytics tracking script and image tracker to all your web pages served through Nginx.
|
|
||||||
|
|
||||||
## Features
|
|
||||||
- Automated insertion of Matomo tracking script into the `</head>` tag of HTML pages.
|
|
||||||
- Integration of a noscript image tracker before the `</body>` tag for tracking users with JavaScript disabled.
|
|
||||||
- Configuration to apply changes on every request, ensuring that dynamic content and single-page applications are also tracked.
|
|
||||||
|
|
||||||
## Requirements
|
|
||||||
- Nginx installed on the target server.
|
|
||||||
- Matomo analytics platform set up and accessible.
|
|
||||||
|
|
||||||
## Role Variables
|
|
||||||
- `matomo_domain`: The domain of your Matomo installation.
|
|
||||||
- `base_domain`: The base domain of the website you wish to track.
|
|
||||||
- `matomo_site_id`: The site ID configured in your Matomo dashboard.
|
|
||||||
|
|
||||||
## Dependencies
|
|
||||||
- None. This role is designed to be included in Nginx server block configurations.
|
|
||||||
|
|
||||||
## Example Usage
|
|
||||||
To enable Matomo tracking on your Nginx website, include the role in your playbook and set the required variables.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
- hosts: webserver
|
|
||||||
roles:
|
|
||||||
- { role: nginx-matomo-tracking, matomo_domain: 'matomo.example.com', base_domain: 'example.com', matomo_site_id: '1' }
|
|
||||||
```
|
|
||||||
|
|
||||||
## Customization
|
|
||||||
You can customize the tracking script and the noscript image tracker by editing the `matomo-tracking.js.j2` and `matomo-tracking.conf.j2` templates.
|
|
||||||
|
|
||||||
## Author Information
|
|
||||||
This role was created in 2023 by Kevin Veen Birkenbach, providing a seamless way to add Matomo analytics to any website served via Nginx.
|
|
@ -1,38 +0,0 @@
|
|||||||
- name: Check if site already exists in Matomo
|
|
||||||
uri:
|
|
||||||
url: "https://{{matomo_domain}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{matomo_auth_token}}"
|
|
||||||
method: GET
|
|
||||||
return_content: yes
|
|
||||||
status_code: 200
|
|
||||||
validate_certs: yes
|
|
||||||
register: site_check
|
|
||||||
|
|
||||||
- name: Set fact for site ID if site already exists
|
|
||||||
set_fact:
|
|
||||||
matomo_site_id: "{{ site_check.json[0].idsite }}"
|
|
||||||
when: "(site_check.json | length) > 0"
|
|
||||||
|
|
||||||
- name: Add site to Matomo and get ID if not exists
|
|
||||||
uri:
|
|
||||||
url: "https://{{ matomo_domain }}/index.php"
|
|
||||||
method: POST
|
|
||||||
body: "module=API&method=SitesManager.addSite&siteName={{ base_domain }}&urls=https://{{ base_domain }}&token_auth={{ matomo_auth_token }}&format=json"
|
|
||||||
body_format: form-urlencoded
|
|
||||||
status_code: 200
|
|
||||||
return_content: yes
|
|
||||||
validate_certs: yes
|
|
||||||
register: add_site
|
|
||||||
when: "matomo_site_id is not defined"
|
|
||||||
|
|
||||||
- name: Set fact for site ID if site was added
|
|
||||||
set_fact:
|
|
||||||
matomo_site_id: "{{ add_site.json.value }}"
|
|
||||||
when: "matomo_site_id is not defined"
|
|
||||||
|
|
||||||
- name: Set the Matomo tracking code from a template file
|
|
||||||
set_fact:
|
|
||||||
matomo_tracking_code: "{{ lookup('template', 'matomo-tracking.js.j2') }}"
|
|
||||||
|
|
||||||
- name: Set the tracking code as a one-liner
|
|
||||||
set_fact:
|
|
||||||
matomo_tracking_code_one_liner: "{{ matomo_tracking_code | regex_replace('\\n', '') | regex_replace('\\s+', ' ') }}"
|
|
@ -1,5 +0,0 @@
|
|||||||
# sub filters to integrate matomo tracking code in nginx websites
|
|
||||||
sub_filter '</head>' '<script>{{matomo_tracking_code_one_liner}}</script></head>';
|
|
||||||
sub_filter '</body>' '<noscript><p><img src="//matomo.veen.world/matomo.php?idsite={{matomo_site_id}}&rec=1" style="border:0;" alt="" /></p></noscript></body>';
|
|
||||||
sub_filter_once off;
|
|
||||||
# sub_filter_types text/html; This is standart
|
|
@ -1,14 +0,0 @@
|
|||||||
var _paq = window._paq = window._paq || [];
|
|
||||||
_paq.push(["setCookieDomain", "*.{{base_domain}}"]);
|
|
||||||
_paq.push(["setDomains", ["*.{{base_domain}}"]]);
|
|
||||||
_paq.push(["enableCrossDomainLinking"]);
|
|
||||||
_paq.push(["trackPageView"]);
|
|
||||||
_paq.push(["trackAllContentImpressions"]);
|
|
||||||
_paq.push(["enableLinkTracking"]);
|
|
||||||
(function() {
|
|
||||||
var u="//{{matomo_domain}}/";
|
|
||||||
_paq.push(["setTrackerUrl", u+"matomo.php"]);
|
|
||||||
_paq.push(["setSiteId", "{{matomo_site_id}}"]);
|
|
||||||
var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0];
|
|
||||||
g.async=true; g.src=u+"matomo.js"; s.parentNode.insertBefore(g,s);
|
|
||||||
})();
|
|
@ -1,2 +0,0 @@
|
|||||||
matomo_domain: "matomo.{{top_domain}}"
|
|
||||||
base_domain: "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}"
|
|
@ -9,11 +9,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: Activate NGINX matomo tracking
|
|
||||||
include_role:
|
|
||||||
name: nginx-matomo-tracking
|
|
||||||
when: nginx_matomo_tracking_active and domain is defined
|
|
||||||
|
|
||||||
- name: create nginx config file
|
- name: create nginx config file
|
||||||
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
|
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
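Review bot: The `create nginx config file` task writes `/etc/nginx/nginx.conf` and notifies a restart without checking the rendered file, so a template error would only surface when nginx fails to come back up. The `template` module's `validate` parameter can run the check before the file is moved into place, for example `validate: nginx -t -c %s`, and an explicit `mode: "0644"` would pin the file permissions. The `restart nginx` handler is defined outside this compare, so whether it tests the configuration itself is not visible.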